Python: Mention yaml.safe_load in the qhelp

2025-12-20 10:46:30 +01:00 · 2021-02-12 11:38:51 +01:00
parent 8a2e063af7
commit f328e84bd2
1 changed files with 3 additions and 0 deletions
--- a/python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
+++ b/python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
@@ -24,6 +24,9 @@ Avoid deserialization of untrusted data if at all possible.  If the
 architecture permits it then use other formats instead of serialized objects,
 for example JSON.
 </p>
+<p>
+If you need to use YAML, use the <code>yaml.safe_load</code> function.
+</p>
 </recommendation>

 <example>